This round-up summarises the developments that generated the most interest from in-house lawyers in the past three months, including government proposals on corporate governance, preparing for the GDPR, the EU-US Privacy Shield, Brexit and several interesting High Court decisions.
Government proposals on corporate governance
Since becoming Prime Minister, Theresa May has made several statements about cracking down on executive pay and poor corporate governance, and including consumers and workers represented on company boards. All these issues were addressed in the Business, Innovation and Skills Committee inquiry on corporate governance, which came to a close on 26 October 2016.
Action items: Companies should consider responding to the government’s recently published Green Paper on corporate governance reform. The deadline for responses is 17 February 2017.
ICSA guidance on minute taking
The Institute of Chartered Secretaries and Administrators (ICSA) published new guidance on minute taking in September. The guidance discusses how quorum and conflicts of interest should be covered in board minutes, the style of writing, the level of detail and how to deal with dissent in the minutes.
The guidance has a role in establishing best practice for minute taking and includes several useful practical tips, such as:
- Minutes should summarise key points and focus on the decision. The reason for the decision should be documented and include sufficient background information for future reference.
- Minutes should allocate actions as they provide evidence of discharging duties, ensure accountability and that agreed actions are not overlooked.
Action points: Companies should review their approach to minute taking in the light of the guidance.
Revised GC100 and Investor Group directors’ remuneration reporting guidance published
The GC100 and Investor Group published revised guidance on directors’ remuneration reporting guidance in August. Key changes to the guidance included clarifying the remuneration committee’s use of discretion in determining remuneration outcomes, including the situations in which investors generally expect the committee to consider exercising discretion to moderate formulaic remuneration outcomes.
Action items: In-house lawyers may use the guidance to benchmark and update remuneration committees on their duties, in preparing or reviewing draft directors’ remuneration reports for shareholder approval or reviewing remuneration policies in advance of their financial year ends.
Risk of enforcement action for organisations still relying on invalid Safe Harbor framework
In August, the Information Commissioner’s Office (ICO) summarised the current position on EU-US data transfers. The ICO reminded organisations who continue to rely on the Safe Harbor framework, which has been replaced by the EU-US Privacy Shield, that they are in breach of the Data Protection Act 1998 and potentially at risk of enforcement action.
That same month, the European Commission published a guide for citizens on the EU-US Privacy Shield. The guide explains how individuals’ rights are protected under the Privacy Shield framework and provides information on how to complain and seek redress against a Privacy Shield company or a US public authority, where an individual considers that their data protection rights may have been violated.
Action items: These development signal that the ICO (and privacy regulators around the EU) are unlikely to look sympathetically on any failure by an organisation to establish compliant arrangements for EU-US transfers, now the replacement of Safe Harbor is in place. Organisations still relying on the Safe Harbor should take action to make alternative arrangements.
Support in preparing for the General Data Protection Regulation
In her first speech since becoming the new Information Commissioner, Elizabeth Denham acknowledged that it was extremely likely that the General Data Protection Regulation (GDPR) would apply before the UK leaves the EU. The Secretary of State, Karen Bradley MP subsequently confirmed to the Culture, Media and Sports Select Committee that the UK will be implementing the GDPR in May 2018.
The ICO will support businesses and public bodies in preparing for compliance with the GDPR’s requirements before May 2018, and has already started with the 12-step checklist and the updated privacy notices code of practice. During November, the ICO will publish a revised timetable setting out its priorities for the publication of guidance over the next six months.
Practical Law has published a toolkit of key resources designed to assist organisations with preparing for and complying with the GDPR.
Record fine for data protection breach
The ICO issued a record £400,000 monetary penalty notice to TalkTalk Telecom Group plc (TalkTalk) in October for failing to keep personal data secure. The ICO’s investigation found that TalkTalk had failed to have appropriate security measures in place, which could have prevented the cyberattack.
The record fine sends a strong message to businesses of the importance of keeping personal data secure, especially financial information. The Information Commissioner’s comment that cybersecurity should not be seen as an IT issue but a boardroom issue is particularly telling.
Action points: Ensure that cybersecurity is given suitable prominence at boardroom-level. Well-resourced businesses will find a failure to implement adequate security measures particularly hard to explain in the event of a significant data breach. This toolkit highlights all Practical Law’s content on cybersecurity.
Law Society note on electronic signatures published
The use of electronic signatures (e-signatures) is becoming increasingly common in a range of commercial transactions. In the summer, the Law Society and the City of London Law Society published a practice note on the execution of documents using an e-signature. The note was developed by a joint working party of the Law Society Company Law Committee and the City of London Law Society Company Law and Financial Law Committees and has been approved by leading counsel.
It sets out principles for determining whether certain types of documents (including contracts, deeds and minutes and resolutions) that have been signed with an electronic signature have been validly executed under English law. Practical Law’s note provides an overview of the law and practice relating to the execution of simple contracts and deeds under the laws of England and Wales.
Brexit: key developments since August
In October, the Prime Minister Theresa May announced at the Conservative Party conference that Article 50 of the Treaty on European Union (TEU) would be triggered before the end of March 2017, and that the next Queen’s Speech (expected in April or May 2017) would include a Great Repeal Bill, to repeal the European Communities Act 1972.
However, the High Court’s decision that the Royal prerogative did not empower the government to give notice pursuant to Article 50 of the TEU may affect this projected timeframe. The immediate practical effect of the judgment is that, unless the decision is overturned, the government will need to pass an Act of Parliament authorising it to notify the European Council under Article 50, contrary to its earlier intention.
The Supreme Court has granted the government’s application to appeal and it has been listed for 5 to 8 December 2016, with judgment expected in early 2017.
Track Brexit developments on our homepage, which highlights resources from across Practical Law on the legal implications of Brexit.
Cases round-up
Standard term choosing supplier’s law unfair for consumer
Companies trading cross-border with EU consumers on terms that do not apply the local law of the consumer will need to consider updating their standard choice of law clauses after the ECJ held that a standard term under which a contract concluded with a consumer is to be governed by the law of the member state in which the supplier is established was unfair.
This was because the standard term gave the consumer the impression that only the law of that member state applied, without informing him that he also enjoyed the protection of the mandatory provisions of the law that would otherwise be applicable.
Action points: Companies should ensure that their standard choice of law clauses in consumer contracts do not create the impression that the consumer is not entitled to any mandatory consumer protections applicable in the country where they live, for example by explaining that such protections apply.
Warranties are not representations
Buyers are likely to face some difficulty in successfully arguing that the warranties in a share purchase agreement (SPA) are also actionable in misrepresentation if the SPA does not expressly provide (in so many words or in effect) that the warranties are also to take effect, or be treated as representations after the High Court granted summary judgment in a case in August.
The court held that where a contractual provision states only that a party is giving a warranty, that party does not, by concluding the contract, make any statement to the counterparty that is actionable as a misrepresentation.
From the seller’s perspective, one of the best defences to the risk of any inaccuracies in its warranties giving rise to parallel claims in contract and the tort of misrepresentation lies in ensuring that the SPA contains a comprehensive entire agreement clause, which is drafted to exclude any liability for misrepresentation (to the fullest extent permitted by law), whether arising from pre-contractual statements or the terms of the SPA itself.
Restrictive covenants and boilerplate provisions in SPAs considered
In September, the High Court considered the meaning and effect of several provisions that are commonplace in SPAs, including restrictive covenants given by sellers, a further assurance provision, a clause prohibiting assignment save in certain specified circumstances, a provision relating to the rights of third parties and a choice of jurisdiction clause.
The case is of interest partly for the review of these common terms but also for the practical insight it gives to the way in which a straightforward commercial deal on commonplace terms (in this instance the sale of the Karen Millen fashion business) can complicate and unravel over time.
Bolam test abandoned in negligent financial advice claim
Also in September, the High Court held that the Bolam test did not apply to the issue of whether a defendant bank had breached its duty of care when advising claimants about investments. In doing so, the judge focused on what the claimant, an informed investor, would expect to be told and not on whether the defendant had advised in accordance with a practice accepted as proper by a reasonable body of persons skilled in the giving of financial advice (that is, in accordance with the Bolam test).
The decision suggests that the giving of investment advice is not simply an exercise of professional skill; an informed investor, like a medical patient, is entitled to decide the risks that he is willing to take and has to take responsibility for his own mistakes.